Cognizant, one of the world’s largest IT outsourcing companies, disclosed this spring that cybercriminals “exfiltrated” data related to employees’ corporate credit cards among other personal data including Social Security numbers, tax IDs, financial account information, and driver’s license and passport details.
“While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” said Karen McLoughlin, Cognizant Chief Financial Officer in an earnings call.
As a key service provider to some of the world’s largest companies and a member of the Fortune 500 itself, Cognizant’s breach and possible heightened risk of a future operational disruption stemming from it could prove much more costly than the $50-$70 mn in margin impact projected in May. Cyberhedge analysis indicates that there is an average 20 percent drop in operating margins for companies experiencing a cyber-related operational disruption like ransomware.
At a systemic level, vulnerabilities in Cognizant’s cyber governance create a heightened risk for all companies that rely on the company for aspects of its digital transformation. In short, if Cognizant has poor cyber governance, that is not only a risk for Cognizant but also for every company that relies upon it for aspects of digital transformation programs — from digital strategy and IOT to cloud enablement.
Many companies are relying more than ever on Cognizant amid the COVID-19 induced lockdowns. This should be a significant growth opportunity for the company but only if it can achieve strong cyber governance. Otherwise it risks that its services will instead be increasingly considered to be liabilities by its clients.